Bug 1211922

Summary: VUL-0: MozillaFirefox / MozillaThunderbird: update to 114 and 102.12esr
Product: [Novell Products] SUSE Security Incidents Reporter: Martin Sirringhaus <martin.sirringhaus>
Component: IncidentsAssignee: Martin Sirringhaus <martin.sirringhaus>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: rfrohl, wolfgang
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/368113/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-34414:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3.1:SUSE:CVE-2023-34415:6.5:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) CVSSv3.1:SUSE:CVE-2023-34416:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3.1:SUSE:CVE-2023-34417:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 3 Martin Sirringhaus 2023-06-06 12:31:57 UTC 
- Mozilla Firefox ESR 102.12
  MFSA 2023-19
  * CVE-2023-34414 (bmo#1695986)
    Click-jacking certificate exceptions through rendering lag
  * CVE-2023-34416 (bmo#1752703, bmo#1818394, bmo#1826875,
    bmo#1827340, bmo#1827655, bmo#1828065, bmo#1830190,
    bmo#1830206, bmo#1830795, bmo#1833339)
    Memory safety bugs fixed in Firefox 114 and Firefox ESR
    102.12

- Mozilla Firefox 114
  MFSA 2023-18
  * CVE-2023-34414 (bmo#1695986)
    Click-jacking certificate exceptions through rendering lag
  * CVE-2023-34415 (bmo#1811999)
    Site-isolation bypass on sites that allow open redirects to
    data: urls
  * CVE-2023-34416 (bmo#1752703, bmo#1818394, bmo#1826875,
    bmo#1827340, bmo#1827655, bmo#1828065, bmo#1830190,
    bmo#1830206, bmo#1830795, bmo#1833339)
    Memory safety bugs fixed in Firefox 114 and Firefox ESR
    102.12
  * CVE-2023-34417 (bmo#1746447, bmo#1820903, bmo#1832832)
    Memory safety bugs fixed in Firefox 114
Comment 4 Maintenance Automation 2023-06-07 12:30:17 UTC 
SUSE-SU-2023:2441-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1211922
CVE References: CVE-2023-34414, CVE-2023-34416
Sources used:
SUSE OpenStack Cloud 9 (src): MozillaFirefox-102.12.0-112.162.1
SUSE OpenStack Cloud Crowbar 9 (src): MozillaFirefox-102.12.0-112.162.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): MozillaFirefox-102.12.0-112.162.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): MozillaFirefox-102.12.0-112.162.1
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): MozillaFirefox-102.12.0-112.162.1
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): MozillaFirefox-102.12.0-112.162.1
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): MozillaFirefox-102.12.0-112.162.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): MozillaFirefox-102.12.0-112.162.1
SUSE Linux Enterprise Server 12 SP5 (src): MozillaFirefox-102.12.0-112.162.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): MozillaFirefox-102.12.0-112.162.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Maintenance Automation 2023-06-07 12:30:19 UTC 
SUSE-SU-2023:2440-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1211922
CVE References: CVE-2023-34414, CVE-2023-34416
Sources used:
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): MozillaFirefox-102.12.0-150000.150.88.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): MozillaFirefox-102.12.0-150000.150.88.1
SUSE CaaS Platform 4.0 (src): MozillaFirefox-102.12.0-150000.150.88.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): MozillaFirefox-102.12.0-150000.150.88.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Maintenance Automation 2023-06-12 16:30:01 UTC 
SUSE-SU-2023:2489-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1211922
CVE References: CVE-2023-34414, CVE-2023-34416
Sources used:
openSUSE Leap 15.4 (src): MozillaFirefox-102.12.0-150200.152.90.1
openSUSE Leap 15.5 (src): MozillaFirefox-102.12.0-150200.152.90.1
Desktop Applications Module 15-SP4 (src): MozillaFirefox-102.12.0-150200.152.90.1
Desktop Applications Module 15-SP5 (src): MozillaFirefox-102.12.0-150200.152.90.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-102.12.0-150200.152.90.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): MozillaFirefox-102.12.0-150200.152.90.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): MozillaFirefox-102.12.0-150200.152.90.1
SUSE Linux Enterprise Real Time 15 SP3 (src): MozillaFirefox-102.12.0-150200.152.90.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-102.12.0-150200.152.90.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): MozillaFirefox-102.12.0-150200.152.90.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): MozillaFirefox-102.12.0-150200.152.90.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): MozillaFirefox-102.12.0-150200.152.90.1
SUSE Enterprise Storage 7.1 (src): MozillaFirefox-102.12.0-150200.152.90.1
SUSE Enterprise Storage 7 (src): MozillaFirefox-102.12.0-150200.152.90.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Marcus Meissner 2024-01-24 15:29:53 UTC 
done
Comment 11 Maintenance Automation 2024-02-27 11:59:55 UTC 
SUSE-SU-2023:2612-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1211922
CVE References: CVE-2023-34414, CVE-2023-34416
Sources used:
openSUSE Leap 15.4 (src): MozillaThunderbird-102.12.0-150200.8.121.1
openSUSE Leap 15.5 (src): MozillaThunderbird-102.12.0-150200.8.121.1
SUSE Package Hub 15 15-SP4 (src): MozillaThunderbird-102.12.0-150200.8.121.1
SUSE Package Hub 15 15-SP5 (src): MozillaThunderbird-102.12.0-150200.8.121.1
SUSE Linux Enterprise Workstation Extension 15 SP4 (src): MozillaThunderbird-102.12.0-150200.8.121.1
SUSE Linux Enterprise Workstation Extension 15 SP5 (src): MozillaThunderbird-102.12.0-150200.8.121.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.